On Fri, Aug 29, 2003 at 08:52:42PM +0200, Peter Eis wrote:
> Why hassle with iptables?
> I'd rather recommend using shorewall (emerge shorewall). It's much
> easier to configure and has a lot of features you'll probably want.

I'll second that. Shorewall works at a higher level of abstraction -
letting you design network zones and policies - rather than dealing with
the details of constructing iptables commands. It's very flexible and,
after a short learning curve, very powerful and easy to use.

Nathan Meyers
[EMAIL PROTECTED]

> Peter
>
> Andrew Gaffney wrote:
>
> >I'm trying to create a firewall using iptables. I want it to drop
> >incoming packets except to ports 22, 25, and 80 unless the source
> >address is 192.168.254.x. I'm asking before I do this because I'm
> >accessing the computer remotely right now and I don't want to cut
> >myself off from it. I'm thinking something like:
> >
> >iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> >iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> >iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> >iptables -A INPUT -p all -j DROP
> >
> >-or-
> >
> >iptables -P INPUT DROP
> >iptables -A INPUT -s 192.168.254.0/24 -p all -j ACCEPT
> >iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> >iptables -A INPUT -p tcp --dport 25 -j ACCEPT
> >iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> >
> >Would either of these get me the desired results?
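Added example (not part of the thread, and not code from any of the posters): a small Python model of iptables' first-match evaluation that runs both proposed INPUT rule sets from the quoted question over constructed sample packets. It assumes the remote session is SSH on port 22; the names `Rule`, `verdict` and `compare` and the sample addresses (documentation ranges) are illustrative.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                    # "ACCEPT" or "DROP" (-j)
    src: Optional[str] = None      # -s CIDR; None means any source
    proto: Optional[str] = None    # -p tcp/udp/icmp; None means "-p all"
    dport: Optional[int] = None    # --dport; None means any port

    def matches(self, pkt):
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto and pkt["proto"] != self.proto:
            return False
        return self.dport is None or pkt["dport"] == self.dport

def verdict(rules, policy, pkt):
    """First matching rule decides; the chain policy applies only if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy

# The four ACCEPT rules that both proposals share.
ALLOW = [Rule("ACCEPT", src="192.168.254.0/24")] + [
    Rule("ACCEPT", proto="tcp", dport=p) for p in (22, 25, 80)]
# Variant 1: policy left at ACCEPT, catch-all "-p all -j DROP" appended last.
VARIANT_1 = (ALLOW + [Rule("DROP")], "ACCEPT")
# Variant 2: "iptables -P INPUT DROP", then the same ACCEPT rules.
VARIANT_2 = (ALLOW, "DROP")

# Constructed sample packets (not captured traffic).
PACKETS = {
    "lan host, any port": {"src": "192.168.254.10", "proto": "tcp", "dport": 3306},
    "internet ssh":       {"src": "203.0.113.7", "proto": "tcp", "dport": 22},
    "internet telnet":    {"src": "203.0.113.7", "proto": "tcp", "dport": 23},
    "internet ping":      {"src": "203.0.113.7", "proto": "icmp", "dport": None},
    "dns reply to host":  {"src": "198.51.100.53", "proto": "udp", "dport": 40000},
}

def compare():
    """Return {packet name: (variant 1 verdict, variant 2 verdict)}."""
    return {n: (verdict(*VARIANT_1, p), verdict(*VARIANT_2, p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (v1, v2) in compare().items():
        print(f"{name:20} variant1={v1:6} variant2={v2}")
```

Both variants return the same verdict for every sample packet. Neither has a rule for reply traffic, so the DNS-reply sample from outside 192.168.254.0/24 is dropped in both.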
